Blog

The Change Healthcare cyberattack affected millions of Americans, including patients, health care providers, pharmacies, and physicians. Headlines of cyberattacks are common these days, so it comes as no surprise that consumers are growing increasingly worried about how businesses are handling their personal information. This concern is driving a global push for tougher privacy laws.

While the EU’s General Data Protection Regulation (GDPR) is often seen as a pioneer in data privacy legislation, the US currently relies on a patchwork of state laws based, at least in part on, California’s Consumer Privacy Act (CCPA), and the follow-up California Privacy Rights Act (CPRA).

In total, 14 states — California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, New Jersey, New Hampshire, Oregon, Tennessee, Texas, Utah, and Virginia — have comprehensive data privacy laws.

Privacy vs. personalization

Despite regulations and the desire for privacy, consumers also want personalized experiences when brands communicate with them. For instance, a recent study found that 71% of consumers expect companies to deliver personalized messages. And 76% get frustrated when this doesn’t occur.

With growing consumer privacy concerns and stricter regulations, how can marketers adapt? Here are 7 strategies to connect with your audience while respecting privacy regulations and remaining compliant.*

1. Determine which laws apply to you
Given there is no federal-level privacy law, organizations (and the marketers working with them) need to understand the privacy laws in the state(s) in which they do business. This can make compliance a challenge for health plans that operate in multiple states.

Staying informed about evolving state laws is crucial. Talk with your organization’s legal department and keep an eye on the International Association of Privacy Professionals (IAPP). They offer a very comprehensive resource center and a tracker for state-level privacy legislation.

2. Perform a data audit
Perform a data audit to ensure compliance with your state’s data privacy practices as well as other industry-related regulations.

When conducting an audit, it’s best to not only focus on taking inventory of the specific data points collected, but also where the data is stored. How is it safeguarded? Are there controls limiting who can access the data? How is the data used by your health plan and its affiliates? Is it solely used for the purposes defined within your privacy policy?

Maintain detailed documentation of your data audit findings for compliance purposes. By regularly conducting thorough data audits, health plans can proactively manage their data practices and stay compliant with the growing landscape of US consumer privacy laws.

3. Bolster your security measures
Ensure your health plan has practices in place to protect the collection, transmission, and storage of all first-party data.

Collaboration among marketing leaders and in-house IT professionals will ensure that a business’s marketing technology stack is both effective and compliant with all relevant privacy laws.

Additionally, ensure that all of your partners adhere to your security practices. (I’ll use this opportunity to remind readers that DMW has been SOC-2 type 2 certified for over 10 years!)

4. Develop a first-party data strategy
To develop a first-party data strategy, evaluate the fields you currently require within your web properties. Determine the absolute minimum amount of data you need to achieve a specific marketing goal. For example, do you truly need to request a prospect’s birth date on a web-based form in exchange for an enrollment kit? Birth date is considered protected health information (PHI).

A key element of a strong first-party data strategy is centralizing information from various customer touchpoints. This allows you to create a holistic view of your audience and tailor your marketing e\orts accordingly. Aggregating data from website and landing page interactions, email, surveys (e.g., Consumer Assessment of Healthcare Providers and System [CAHPS]), and other sources allows you to gain a comprehensive understanding of prospective members and unlock the true potential of your first-party data strategy.

Lastly, stay informed with the changing industry by exploring new technologies within the Privacy Sandbox. Explore solutions, such as Topics, which enhances ad relevancy based on specific interest-based categories pulled from a prospect’s browser history.

Staying informed about these advancements allows you to adapt your data collection and targeting strategies to comply with evolving regulations while still reaching your target audience effectively.

The future of marketing lies not in exploiting vast data sets, but in creating personalized experiences that resonate with informed consumers who trust the brands they choose to engage with.

5. Update your site’s privacy policy
Think of your privacy policy as a promise to your prospects regarding what you’ll do with their data after they give it to your organization. Ensure that your health plan’s privacy policy clearly articulates your organization’s data collection practices, such as what data is being collected, how it will be used, and who will have access to it. (Note: DMW has taken steps to clearly articulate this within our own privacy policy.)

Even websites that only collect email addresses need to consider privacy laws. Beyond an email address, which is considered personally identifiable information (PII), other examples of PII include contact details like your name, mailing address, and phone number. Additionally, make sure your website adheres to your state’s regulations. (Recently, CCPA added IP addresses to the category of PII for California residents covered by the law.)

6. Implement data access procedures for consumers
Many privacy laws include provisions allowing consumers to reach out to organizations to inquire about their personal data. According to privacy laws within several states, prospects also have the right to request the deletion of their data. Be prepared to respond to these inquiries in a timely manner and delete a prospect’s data if they request it.

7. Communicate clearly with your audience
With new laws emerging, marketers will need to ensure they comply by giving members and prospective members clear control over their information.

This can be achieved by providing multiple opt-in and opt-out options for targeted marketing campaigns. Emails can include links to web-based preference centers, allowing subscribers to choose the types of messages they want to receive.

Consider asking website visitors for their approval to be tracked, allowing them to opt-in to future correspondence. Additionally, provide a clear and accessible way to opt-out of data collection. Tools like Cookiebot can help you obtain permission before tracking your audience and can even work in conjunction with your current Google Tag Manager pixels.

Embracing the future: beyond compliance

Consumer privacy laws aren’t roadblocks; they’re opportunities to refine marketing strategies and build stronger relationships with consumers. Ultimately, the future of marketing lies not in exploiting vast data sets, but in creating personalized experiences that resonate with informed consumers who trust the brands they choose to engage with.

By allowing prospects the ability to set their preferences, you can ensure that you’re not wasting resources communicating with an unresponsive individual. If you need help determining how your state’s privacy laws can potentially impact your marketing efforts, reach out to DMW today.

*This is not legal advice. Keep in mind, the laws within your state may differ slightly from the recommendations presented above.